Ideal Behavior:
Prior to connecting, a peer would validate that the remote is on their whitelist.
Actual Behavior:
If a remote peer calls addPeer, they can subvert the client's whitelist.
Example: Peer A creates a swarm with only Peer B on the whitelist. If Peer C calls addPeer(A), then A will allow the connection, even though they have not whitelisted Peer C.
// On Peer A's computer with IP 192.168.128.100
const swarm = require('discovery-swarm')
const opts = {
  whitelist: ['192.168.128.200'] // Peer B
}
const sw = swarm(opts)
sw.listen(19000)

// On Peer C's computer with IP 192.168.128.50 (a separate process)
const swarm = require('discovery-swarm')
const sw = swarm()
sw.addPeer('arbitraryName', {host: '192.168.128.100', port: '19000'})
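One way to apply the whitelist to every inbound socket, whichever side initiated the connection, is sketched below. This is an added example, not code from the original report or from discovery-swarm. The names normalizeAddress, isWhitelisted, guardInbound and createGuardedServer are hypothetical, and treating a missing whitelist as "allow all" is an assumption.

```javascript
// Added example: hypothetical helper names, not discovery-swarm's API.
const net = require('net')

// Node may report IPv4 peers on a dual-stack listener as '::ffff:a.b.c.d'.
// Normalize so that form still matches a plain IPv4 whitelist entry.
function normalizeAddress (addr) {
  if (typeof addr !== 'string') return null
  const lower = addr.toLowerCase()
  const mapped = lower.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/)
  const plain = mapped ? mapped[1] : lower
  return net.isIP(plain) ? plain : null
}

// Assumption: no whitelist configured means the swarm is open;
// a configured whitelist (even an empty one) denies unlisted peers.
function isWhitelisted (remoteAddress, whitelist) {
  if (!Array.isArray(whitelist)) return true
  const addr = normalizeAddress(remoteAddress)
  if (addr === null) return false // unknown or malformed address: fail closed
  return whitelist.some(entry => normalizeAddress(entry) === addr)
}

// Run on every accepted socket before any swarm handshake happens.
// Returns true if the socket may proceed, false if it was dropped.
function guardInbound (socket, whitelist) {
  if (isWhitelisted(socket.remoteAddress, whitelist)) return true
  socket.destroy()
  return false
}

// TCP listener that only hands whitelisted peers to onPeer.
function createGuardedServer (whitelist, onPeer) {
  return net.createServer(socket => {
    if (guardInbound(socket, whitelist)) onPeer(socket)
  })
}

// Peer A from the report (addresses taken from the example above):
// const server = createGuardedServer(['192.168.128.200'], handlePeer)
// server.listen(19000)
```

With this guard in front of the listener, Peer C's connection from 192.168.128.50 is closed before it reaches the swarm's connection handling, while Peer B at 192.168.128.200 is accepted.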